Add board mutation guard middleware

Require trusted browser origin (Origin or Referer header) for
mutating requests from board actors, preventing cross-origin
mutation attempts against the local-trusted API.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Forgotten
2026-02-20 15:48:30 -06:00
parent 49e15f056d
commit 82da8739c1
3 changed files with 123 additions and 0 deletions


@@ -6,6 +6,7 @@ import type { Db } from "@paperclip/db";
import type { StorageService } from "./storage/types.js";
import { httpLogger, errorHandler } from "./middleware/index.js";
import { actorMiddleware } from "./middleware/auth.js";
import { boardMutationGuard } from "./middleware/board-mutation-guard.js";
import { healthRoutes } from "./routes/health.js";
import { companyRoutes } from "./routes/companies.js";
import { agentRoutes } from "./routes/agents.js";
@@ -33,6 +34,7 @@ export async function createApp(db: Db, opts: { uiMode: UiMode; storageService:
// Mount API routes
const api = Router();
api.use(boardMutationGuard());
api.use("/health", healthRoutes());
api.use("/companies", companyRoutes(db));
api.use(agentRoutes(db));